Offering tips to attendees at the Cybersecurity Summit last week in downtown Denver, Colorado Attorney General Phil Weiser made a reference some readers might recognize: “What I would say about cybersecurity is what Mad-Eye Moody said to Harry Potter: ‘Constant vigilance.’”
That might have been a recurring theme across the panel discussions held Wednesday. The Ballard Spahr-hosted event featured speakers from the Colorado Attorney General’s Office and private and in-house lawyers and covered issues spanning the legal landscape of cybersecurity.
The Colorado Attorney General’s Office is the state’s prime enforcer of data privacy rights, particularly Colorado’s data breach notification requirements. Weiser shared his views on enforcing data privacy laws and best practices. “Constant vigilance,” he said, includes monitoring who’s in the organization’s networks and whether it has adopted current practices in encryption and two-factor authentication.
“Organizations should be living in fear of how cybersecurity harms can cripple them,” Weiser said. “The challenge for lawyers and those in public policy is how do we create a regulatory regime that acts in the service of better cybersecurity, not one that gets in the way?”
Weiser said he is “a big fan” of Europe’s co-regulation approach, which he described as governments laying out data privacy principles, giving private entities “room to implement them,” and the governments overseeing compliance. That approach is “promising” for driving better practices in data privacy and security, Weiser said. “As we think about cybersecurity in Colorado, and also nationally, this is the way I’d like to see us go.”
In one of the panels, attorneys from Weiser’s office discussed how it enforced Colorado’s new data privacy law in its first year on the books. Mark Bailey and Dan Pietragallo, senior assistant attorneys general in the consumer fraud unit, stressed their remarks weren’t to be taken as legal advice, but they offered insights on how they often make enforcement decisions.